CVE-2005-1992

The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets an invalid default value that prevents "security protection" using handlers, which allows remote attackers to execute arbitrary commands.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-core/5237	Patch
http://www.debian.org/security/2005/dsa-748
http://lists.apple.com/archives/security-announce/2005/Sep/msg00002.html
http://www.auscert.org.au/5509
http://www.ciac.org/ciac/bulletins/p-312.shtml
http://secunia.com/advisories/16920/
http://www.kb.cert.org/vuls/id/684913	US Government Resource
http://www.redhat.com/support/errata/RHSA-2005-543.html
http://www.novell.com/linux/security/advisories/2005_18_sr.html
http://www2.ruby-lang.org/en/20050701.html
http://www.securityfocus.com/bid/14016
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=315064
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10819

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:yukihiro_matsumoto:ruby:1.8:*:*:*:*:*:*:*

Information

Published : 2005-06-19 21:00

Updated : 2017-10-10 18:30

NVD link : CVE-2005-1992

Mitre link : CVE-2005-1992

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

yukihiro_matsumoto

ruby

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-core/5237", "name": "http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-core/5237", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://www.debian.org/security/2005/dsa-748", "name": "DSA-748", "tags": [], "refsource": "DEBIAN"}, {"url": "http://lists.apple.com/archives/security-announce/2005/Sep/msg00002.html", "name": "APPLE-SA-2005-09-22", "tags": [], "refsource": "APPLE"}, {"url": "http://www.auscert.org.au/5509", "name": "ESB-2005.0732", "tags": [], "refsource": "AUSCERT"}, {"url": "http://www.ciac.org/ciac/bulletins/p-312.shtml", "name": "P-312", "tags": [], "refsource": "CIAC"}, {"url": "http://secunia.com/advisories/16920/", "name": "16920", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.kb.cert.org/vuls/id/684913", "name": "VU#684913", "tags": ["US Government Resource"], "refsource": "CERT-VN"}, {"url": "http://www.redhat.com/support/errata/RHSA-2005-543.html", "name": "RHSA-2005:543", "tags": [], "refsource": "REDHAT"}, {"url": "http://www.novell.com/linux/security/advisories/2005_18_sr.html", "name": "SUSE-SR:2005:018", "tags": [], "refsource": "SUSE"}, {"url": "http://www2.ruby-lang.org/en/20050701.html", "name": "http://www2.ruby-lang.org/en/20050701.html", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/14016", "name": "14016", "tags": [], "refsource": "BID"}, {"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=315064", "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=315064", "tags": [], "refsource": "CONFIRM"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10819", "name": "oval:org.mitre.oval:def:10819", "tags": [], "refsource": "OVAL"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets an invalid default value that prevents \"security protection\" using handlers, which allows remote attackers to execute arbitrary commands."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2005-1992", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2005-06-20T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:yukihiro_matsumoto:ruby:1.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-10-11T01:30Z"}